tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
24387 commits 1 branch 0 tags 50 MiB
Commit graph

24387 commits

This branch
This branch
All branches
Author SHA1 Message Date
Steven Moreland
5c0a0a8190 Remove binder_in_vendor_violators. 
It's release blocking if devices specify it. Since none are used
in-tree anymore, no reason to every use this again.

Bug: 131617943
Test: grepping source/build (which validates this isn't used)
Change-Id: I6f98ab9baed93e11403a10f3a0497c855d3a8695
 2020-08-27 00:00:35 +00:00
Jeff Vander Stoep
21e31aa106 Refer to hal_dumpstate_server in neverallow rules am: 684d25b75a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1409808

Change-Id: I774bc0e8a6f2113b0cfd5033eb19b6261056a667
 2020-08-25 16:07:47 +00:00
Jeff Vander Stoep
684d25b75a Refer to hal_dumpstate_server in neverallow rules 
hal_dumpstate gets optimized away by the policy compiler causing
a CTS failure:
neverallow {   -init   -dumpstate   -hal_dumpstate   -vendor_init } hal_dumpstate_config_prop:file { { append create link unlink relabelfrom rename setattr write } open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads };
Warning!  Type or attribute hal_dumpstate used in neverallow undefined in policy being checked

Fixes: 166168257
Test: build policy
Change-Id: Ia7437b8297794502d496e9bd9998dddfdcb747ef
 2020-08-25 11:41:00 +02:00
Treehugger Robot
a7189abd95 Merge "Fix product property type macros" am: dab50ef0a3 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1409727

Change-Id: I2b4df7b5d0e0403345fb560e4f50bde6ee76af5a
 2020-08-25 09:40:38 +00:00
Treehugger Robot
dab50ef0a3 Merge "Fix product property type macros" 2020-08-25 08:50:18 +00:00
Inseob Kim
c9610def68 Fix product property type macros 
Bug: N/A
Test: build with product_*_prop(...)
Change-Id: Iac906b41ec69023abd41881462f09e268944816b
 2020-08-25 16:38:13 +09:00
Benjamin Schwartz
70710e378c Revert "Create Power Stats AIDL interface" am: 6b5deb1e3f 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1407072

Change-Id: Iaa57ddfce9f477449faadd00cc732a4fe9dd158a
 2020-08-21 16:02:50 +00:00
Benjamin Schwartz
6b5deb1e3f Revert "Create Power Stats AIDL interface" 
Revert "Fix sepolicy for con_monitor"

Revert submission 1404976-bs_ps_aidl

Reason for revert: Caused build breakages b/165908363
Reverted Changes:
I17883a16f:Fix sepolicy for con_monitor
Icd029f58a:Create Power Stats AIDL interface

Change-Id: Iab2a7ef6fcef40c59275db37b6fca090b304e9da
 2020-08-21 15:35:25 +00:00
Benjamin Schwartz
bab245dde9 Create Power Stats AIDL interface am: ba876ef1b3 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1404976

Change-Id: Ic98ab844c925d9889015bbdaf4095b5d1b6b8e1e
 2020-08-21 14:28:37 +00:00
Benjamin Schwartz
ba876ef1b3 Create Power Stats AIDL interface 
Bug: 162472196
Test: m
Merged-In: I948ef2959b25d776d3b01985fea5eb695fd4fc1e
(cherry picked from commit 550e376769)
Change-Id: Icd029f58a7babee0ad8249087b76683d104736d5
 2020-08-20 23:25:55 +00:00
Songchun Fan
8af2dcd05c Merge "[selinux] allow system_server to call INCFS_IOC_GET_FILLED_BLOCKS ioctl" am: 1d4f2221cd 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1404978

Change-Id: Id571d508cb5f699f2970d1d53225c106cac8234c
 2020-08-20 17:16:43 +00:00
Songchun Fan
1d4f2221cd Merge "[selinux] allow system_server to call INCFS_IOC_GET_FILLED_BLOCKS ioctl" 2020-08-20 17:07:40 +00:00
Songchun Fan
4be0afbfb7 [selinux] allow system_server to call INCFS_IOC_GET_FILLED_BLOCKS ioctl 
This allows Incremental Service (part of system_server) to query the
filled blocks of files on Incremental File System.

Test: atest service.incremental_test
BUG: 165799231
Change-Id: Id63f8f325d92fef978a1ad75bd6eaa8aa5e9e68b
 2020-08-20 16:00:00 +00:00
Yo Chiang
3d0ebdc97c Merge "Add ioctl FS_IOC_GETFLAGS access for gsid" am: 36370e8242 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1403273

Change-Id: I54724cebccf7fa14f3e1ba20ba5bca1ca20d3ccb
 2020-08-20 04:42:37 +00:00
Yo Chiang
36370e8242 Merge "Add ioctl FS_IOC_GETFLAGS access for gsid" 2020-08-20 04:09:03 +00:00
Yo Chiang
a5d256282e Add ioctl FS_IOC_GETFLAGS access for gsid 
gsid needs this to check if the underlying F2FS filesystem supports
file pinning.

Bug: 164988795
Test: Install a DSU package on CF
Test: avc denial goes away
Change-Id: Idc2456d7576cf61f6f891c082228c5143378d733
 2020-08-19 07:56:17 +00:00
Inseob Kim
b64494b67f Reland "Add persist.dumpstate.verbose_logging.enabled to system/..." am: 46dd4be366 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1402517

Change-Id: I9fe4eae6ac856d54686bed1f619ef68d03ccadde
 2020-08-18 04:52:04 +00:00
Bonian Chen
528843bb9b Merge "Revert "Add persist.dumpstate.verbose_logging.enabled to system/..."" am: e4d26aef3e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1403129

Change-Id: I7e05f91fe1bf7ba620bf33f54f2c354176e66e71
 2020-08-18 02:33:41 +00:00
Inseob Kim
46dd4be366 Reland "Add persist.dumpstate.verbose_logging.enabled to system/..." 
This reverts commit 409c038d3c.

Reason for revert: fixed breakage

Bug: 163759751
Test: lunch sdk; m selinux_policy
Change-Id: I59d170cd3a764209d353d77372387fdc8719ea7f
 2020-08-18 11:31:42 +09:00
Bonian Chen
e4d26aef3e Merge "Revert "Add persist.dumpstate.verbose_logging.enabled to system/..."" 2020-08-18 02:21:32 +00:00
Roman Kiryanov
409c038d3c Revert "Add persist.dumpstate.verbose_logging.enabled to system/..." 
Revert submission 1401269-dumpstate-prop

Reason for revert: build break, "Failed to build policydb".
Reverted Changes:
I058100eac:Add persist.dumpstate.verbose_logging.enabled to s...
Ia0656a3cb:Move hal_dumpstate's property from goldfish

Change-Id: I3a49545d3ee69fdae54ad66e44ec28b6cbfb4b87
 2020-08-18 01:41:13 +00:00
Treehugger Robot
e21c57db87 Merge "Add persist.dumpstate.verbose_logging.enabled to system/sepolicy" am: 1a25123361 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1401269

Change-Id: I0766a9105c4eb55d0d3954bdd6dfa828da2641eb
 2020-08-18 01:11:16 +00:00
Treehugger Robot
1a25123361 Merge "Add persist.dumpstate.verbose_logging.enabled to system/sepolicy" 2020-08-18 01:00:14 +00:00
Roman Kiryanov
dc2f9a86f0 Add persist.dumpstate.verbose_logging.enabled to system/sepolicy 
hardware/interfaces/dumpstate/1.1 refers to this property,
so it must be defined in system/sepolicy.

Bug: 163759751
Test: atest VtsHalDumpstateV1_1TargetTest
Signed-off-by: Roman Kiryanov <rkir@google.com>
Change-Id: I058100eacd05e32de56e0ff9de465625a2e71e9c
 2020-08-17 16:45:47 -07:00
Marco Ballesio
11f7f38284 sepolicy support for cgroup v2 am: 8f280b0847 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1322006

Change-Id: Ic7157a2cebd629e83f977fa29ae1f8ffbce688db
 2020-08-17 19:01:40 +00:00
Marco Ballesio
8f280b0847 sepolicy support for cgroup v2 
cgroup v2 is going to be used for freezer v2 support. The cgroup v2 hiearchy
will be mounted by init under /sys/fs/cgroup hence proper access rights
are necessary for sysfs. After mounting, the cgroup v2 kernfs will use
the label cgroup_v2 and system_manager will handle the freezer

Bug: 154548692
Test: verified that files undes sysfs and cgroup v2 kernfs are accessed
as required to allow proper functioning for the freezer.

Change-Id: Idfb3f6e77b60dad032d1e306d2f9b58cd5775960
 2020-08-17 09:49:10 -07:00
Chris Weir
4d4ae7246a Merge "Enable CAN HAL Configuration Service" am: f5f23b7e03 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1239831

Change-Id: I738a9b38441a4a25b7b2aad149884207cd4419ae
 2020-08-13 16:33:58 +00:00
Chris Weir
f5f23b7e03 Merge "Enable CAN HAL Configuration Service" 2020-08-13 16:18:27 +00:00
Martijn Coenen
df9dc40e9b Merge "Add policy for LOOP_CONFIGURE ioctl." am: cdecd3ca4c 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1396648

Change-Id: Ie44ce55eaad8484ac1bbd019ac452f57a249d9a4
 2020-08-12 07:03:40 +00:00
Martijn Coenen
cdecd3ca4c Merge "Add policy for LOOP_CONFIGURE ioctl." 2020-08-12 06:38:37 +00:00
Treehugger Robot
232c15cb90 Merge "Revert "gmscore_app is attempting to access /dev/ashmem"" am: 5b1f0808b7 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1394238

Change-Id: Id0e4b7fdc6809ba6d0ad9666b0888bdf620c7b9a
 2020-08-11 23:23:45 +00:00
Treehugger Robot
5b1f0808b7 Merge "Revert "gmscore_app is attempting to access /dev/ashmem"" 2020-08-11 23:04:28 +00:00
Martijn Coenen
47f61db25e Add policy for LOOP_CONFIGURE ioctl. 
This is a new ioctl for configuring loop devices, and is used by apexd.

Bug: 148607611
Bug: 161575393
Test: boot on device with/without LOOP_CONFIGURE
Change-Id: I9ef940c7c9f91eb32a01e68b858169c140d15d0f
Merged-In: I9ef940c7c9f91eb32a01e68b858169c140d15d0f
 2020-08-11 13:22:09 +00:00
Treehugger Robot
fab591d17c Merge "Revert "sepolicy: remove hal_light_severice exception"" am: 05a25295c1 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1396229

Change-Id: I063f6de40640e9d3938700207de205a0fc2ffb27
 2020-08-11 08:32:13 +00:00
Treehugger Robot
05a25295c1 Merge "Revert "sepolicy: remove hal_light_severice exception"" 2020-08-11 08:15:58 +00:00
Nelson Li
ea973db671 Revert "sepolicy: remove hal_light_severice exception" 
This reverts commit e83da12576.

Reason for revert: It cause build break

Bug: 163434807
Change-Id: I756d313c52d243f37294aa57d31c43b0a14bc05f
 2020-08-11 05:46:20 +00:00
Treehugger Robot
8f04003ad0 Merge "sepolicy: remove hal_light_severice exception" am: cfa9edcbfd 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1393370

Change-Id: I46d626b09d6def62dde7e6d6a25ec09d230f4bed
 2020-08-11 04:30:44 +00:00
Treehugger Robot
cfa9edcbfd Merge "sepolicy: remove hal_light_severice exception" 2020-08-11 04:11:29 +00:00
Treehugger Robot
6149cc6fcd Merge "Prepare sepolicy for launching Keystore 2.0 service" am: 8cd90a5d20 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1395528

Change-Id: I34d80e17ee3487bbbc765f6b0fceca68a0cb36d5
 2020-08-11 00:44:18 +00:00
Treehugger Robot
8cd90a5d20 Merge "Prepare sepolicy for launching Keystore 2.0 service" 2020-08-11 00:33:47 +00:00
Janis Danisevskis
ff98459989 Prepare sepolicy for launching Keystore 2.0 service 
This patch labels /system/bin/keystore2 as a keystore executable and
allows keystore to register "system.security.keystore2" with the service
manager.

Bug: 160623310
Test: None
Change-Id: I1812e565438c2b8ae55c8d10bcc8450d27717697
 2020-08-10 14:40:20 -07:00
Hridya Valsaraju
efd277f8a7 Revert "gmscore_app is attempting to access /dev/ashmem" 
Test: build, boot
Change-Id: Id7bff6db07ab7aa0695e132a9d9ffae4912f401c
 2020-08-10 17:07:52 +00:00
Hasini Gunasinghe
d633424574 Merge "Allow keystore to write to statsd." am: 3e190653d7 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1329553

Change-Id: If9c1b725e39c8a14ec4dd5c21063b43405c5d511
 2020-08-10 15:23:53 +00:00
Hasini Gunasinghe
3e190653d7 Merge "Allow keystore to write to statsd." 2020-08-10 15:09:49 +00:00
linpeter
e83da12576 sepolicy: remove hal_light_severice exception 
Bug: 148154485
Test: build pass, HBM switch
Change-Id: I65e7d8d4783af9427c05f6082fd487b79f70397f
 2020-08-10 09:59:15 +08:00
Evgenii Stepanov
b4b258a75a Property contexts for ro.sanitize.* am: cc782e4516 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1367776

Change-Id: I2e76adeeabce3b3f29c3907022261a74ef203025
 2020-08-07 22:58:55 +00:00
Hasini Gunasinghe
83e1f14f93 Allow keystore to write to statsd. 
Keystore logging is migrated to use statsd. Therefore,
	keystore needs permission to write to statsd.

Test: Treehugger passes.
Bug: 157664923
Change-Id: If15ee3eb2ae7036dbaccd31525feadb8f54c6162
Merged-In: I2fb61fd7e9732191e6991f199d04b5425b637830
 2020-08-07 16:35:18 +00:00
Evgenii Stepanov
cc782e4516 Property contexts for ro.sanitize.* 
Bug: 142430632
Test: adb shell getprop ro.sanitize.hwaddress in hwasan build
Change-Id: I106ed955c7c0c73234e55d1b896b446b75a251cc
 2020-08-06 23:30:07 +00:00
Inseob Kim
6463d7a888 Remove exported2_system_prop am: 96b9d86a0e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1392876

Change-Id: Ia5877bf261d0e1df1e204ceb7a457dacbe13b95e
 2020-08-06 05:41:05 +00:00
Inseob Kim
96b9d86a0e Remove exported2_system_prop 
It's not used anymore.

Bug: 161659925
Test: boot
Change-Id: I5b08bdace28a509d464759a66025c951178225c6
Merged-In: I5b08bdace28a509d464759a66025c951178225c6
(cherry picked from commit 7d96ddbfb0)
 2020-08-06 12:52:32 +09:00